dmwynne
asked on
Setup route map for icmp packets
I have two DSL lines coming into one router. I have a default route that goes out g0/1. I can't ping g0/0 from the outside because when the ping is being sent back out it uses the default route, and it needs to use the route out the g0/0 interface. I think I can use policy-based routing for this, but so far haven't got it right.
Can you give me the steps to set a route map that matches ICMP traffic and sets the next-hop IP to be g0/0? I think this should allow me to ping g0/0 from the outside.
Hello
Yes, there is a problem, since one packet (echo) enters the router and another (echo-reply) exits the router, which means that the packet marked for a route does not exist. You can try it the other way, but I do not know if it is helpful for you this way:
conf t
ip local policy route-map ICMP
! activates route-map on traffic sourced from the router
access-list 140 permit icmp host 192.168.2.2 any
! 192.168.2.2 is my router interface (source)
route-map ICMP permit 10
 match ip address 140
 set ip next-hop 192.168.2.1
The command debug ip policy is very helpful when troubleshooting route-maps:
*Mar 1 03:32:20.115: IP: route map ICMP, item 10, permit
*Mar 1 03:32:20.115: IP: s=192.168.2.2 (local), d=192.168.0.2 (FastEthernet0/1), len 100, policy routed
*Mar 1 03:32:20.115: IP: local to FastEthernet0/1 192.168.2.1
*Mar 1 03:32:20.167: IP: s=192.168.2.2 (local), d=192.168.0.2, len 100, policy match
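An added example, not part of the original answer: a small Python script that reads debug ip policy output in the format shown above and reports, per source/destination pair, whether packets were policy routed and through which next hop. The first four sample lines are the answer's own; the fifth is constructed and assumes the "policy rejected -- normal forwarding" wording for a packet the route-map did not match. The function names are illustrative.

```python
import re
from collections import defaultdict

# Packet line: "IP: s=<src> (<origin>), d=<dst>[ (<out-if>)], len N, <verdict>"
PKT = re.compile(r"IP: s=(?P<src>[\d.]+) \([^)]+\), d=(?P<dst>[\d.]+)"
                 r"(?: \([^)]+\))?, len \d+, (?P<verdict>.+)$")
# Forwarding line that follows "policy routed": "IP: <origin> to <out-if> <next-hop>"
HOP = re.compile(r"IP: \S+ to (?P<out>\S+) (?P<hop>[\d.]+)$")

def summarize(log):
    """Per (src, dst) flow: count policy verdicts and collect the next hops used."""
    flows = defaultdict(lambda: {"matched": 0, "routed": 0, "rejected": 0, "next_hops": set()})
    awaiting_hop = None  # flow whose "policy routed" line was just seen
    for line in log.splitlines():
        pkt = PKT.search(line)
        if pkt:
            flow = flows[(pkt["src"], pkt["dst"])]
            if pkt["verdict"] == "policy match":
                flow["matched"] += 1
            elif pkt["verdict"] == "policy routed":
                flow["routed"] += 1
                awaiting_hop = flow
            elif pkt["verdict"].startswith("policy rejected"):
                flow["rejected"] += 1
            continue
        hop = HOP.search(line)
        if hop and awaiting_hop is not None:
            awaiting_hop["next_hops"].add((hop["out"], hop["hop"]))
            awaiting_hop = None
    return dict(flows)

def not_policy_routed(flows):
    """Flows that only ever fell through to the normal routing table."""
    return sorted(k for k, f in flows.items() if f["routed"] == 0 and f["rejected"] > 0)

# Lines 1-4: the debug output quoted in the answer. Line 5: constructed sample that
# assumes the "policy rejected -- normal forwarding" wording for a non-matching packet.
SAMPLE = """\
*Mar 1 03:32:20.115: IP: route map ICMP, item 10, permit
*Mar 1 03:32:20.115: IP: s=192.168.2.2 (local), d=192.168.0.2 (FastEthernet0/1), len 100, policy routed
*Mar 1 03:32:20.115: IP: local to FastEthernet0/1 192.168.2.1
*Mar 1 03:32:20.167: IP: s=192.168.2.2 (local), d=192.168.0.2, len 100, policy match
*Mar 1 03:32:21.201: IP: s=192.168.2.2 (local), d=192.168.0.9, len 100, policy rejected -- normal forwarding
"""

if __name__ == "__main__":
    print(summarize(SAMPLE), not_policy_routed(summarize(SAMPLE)))
```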
ASKER
access-list 130 permit icmp any host x.x.x.x-external ip
access-list 130 permit ip any any
Setup route map:
route-map ICMP permit 130
match ip address 130
set ip next-hop x.x.x.x-external ip
Then I applied the route map to the interface. I'm not getting any hits on the route map when running a show route-map.